Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits: adc3b7ef by Thorsten Alteholz at 2020-09-24T15:09:19+02:00 add ruby-gon - - - - - f8454d9b by Thorsten Alteholz at 2020-09-24T15:11:45+02:00 mark CVE-2020-11986 as no-dsa for Stretch - - - - - 26cf0ecd by Thorsten Alteholz at 2020-09-24T15:13:36+02:00 add brotli - - - - - 4088557d by Thorsten Alteholz at 2020-09-24T15:17:17+02:00 mark CVE-2020-5421 as no-dsa for Stretch - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -31111,6 +31111,7 @@ CVE-2020-11987 RESERVED CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...) - netbeans <unfixed> + [stretch] - netbeans <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2 CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...) - apache2 2.4.25-1 @@ -48946,6 +48947,7 @@ CVE-2020-5422 RESERVED CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) - libspring-java <unfixed> + [stretch] - libspring-java <no-dsa> (Minor issue) NOTE: https://tanzu.vmware.com/security/cve-2020-5421 CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...) NOT-FOR-US: Cloud Foundry ===================================== data/dla-needed.txt ===================================== @@ -28,6 +28,8 @@ ark NOTE: 20200907: patch https://people.debian.org/~abhijith/upload/backport_to_1608.patch crashes (abhijith) NOTE: 20200921: CLI works but GUI not, It seems the fix is not compatible with the old architecture (abhijith) -- +brotli +-- cacti NOTE: 20200529: A patch need to be cooked up. Upstream patch not fit for jessie version (abhijith) NOTE: 20200620: WIP (abhijith) 
@@ -151,6 +153,8 @@ ruby-doorkeeper NOTE: 20200831: in case it's really DLA worthy, I'd be very careful with this update. (utkarsh) NOTE: 20200831: more investigation needed. (utkarsh) -- +ruby-gon +-- ruby-json-jwt (Utkarsh) NOTE: 20200914: testing against the new reproducer. (utkarsh) --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dc5df5ddd4919489c57865ce2efca94dd031b894...4088557d524f97528fbd28fb18ca79311b3f66d5
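Review bot: In the CVE-2020-11986 hunk of data/CVE/list, the added `[stretch] - netbeans <no-dsa> (Minor issue)` line records only the generic reason "Minor issue". The description directly above says build scripts need to be executed to analyze gradle projects, so a reason that states why this is minor for stretch would let a later triager confirm the decision without opening the oss-security link in the NOTE. Suggest replacing the parenthetical with that specific reason.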
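Review bot: In the CVE-2020-5421 hunk of data/CVE/list, the added `[stretch] - libspring-java <no-dsa> (Minor issue)` line does not say whether the stretch package falls inside an affected version range, and the visible description is truncated after the 5.0.x range. Suggest adding a NOTE that records the result of the version check, or using `<not-affected>` with a reason if the stretch version turns out to lie outside the affected ranges.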
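Review bot: In the first data/dla-needed.txt hunk, `+brotli` is added with no NOTE line, and neither data/CVE/list hunk in this push touches a brotli entry, so the change does not show which CVE the DLA is needed for. The neighbouring ark and cacti entries carry dated NOTE lines; suggest adding one here that names the CVE.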
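Review bot: In the second data/dla-needed.txt hunk, `+ruby-gon` is inserted as a bare entry directly below ruby-doorkeeper, whose notes ask for care and more investigation, yet the new entry gives no indication of how urgent or risky the update is. Suggest a dated NOTE naming the issue to be fixed, so whoever claims the package can prioritise it from the file alone.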
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits